
Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 10. (Read 36997 times)

legendary
Activity: 3136
Merit: 3213
And we have a new Fake Ann Thread with a Fake Github Account with Malware for [KASPAR] Kasparov !

Fake Github : github.com/tehasholdem/Kasparov
The File on the Fake Github already has a size of 170 MB, like the other Malware files
Github Account was created on 10 November, which is also the same date as the github.com/toootoooo/NetworkPHYS Account

Code:
C:\Users\user\AppData\Local\Temp\db4dfn0r.gxn\kasparov-gui.exe" /VERYSILENT
C:\Users\user\AppData\Local\Temp\is-LFTIA.tmp\kas.tmp" /SL5="$B019A,159993928,842240,C:\Program Files (x86)\My Program\kas.exe"
C:\Program Files (x86)\My Program\electrum.exe
C:\Program Files (x86)\My Program\kas.exe

C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="KDX genkeypair" program="C:\Program Files\Kaspa\KDX\bin\windows-x64\genkeypair.exe" dir=out action=allow enable=yes
C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

ET MALWARE Observed Malicious SSL Cert
ET MALWARE Generic AsyncRAT Style SSL Cert
ET INFO External IP Lookup Domain in DNS Lookup
Suspicious DNS Query for IP Lookup Service APIs

Source: https://www.virustotal.com/gui/file/6b639de205612d838e0f40ca43372f6e67a16c034b0108b0c4095af618841e97/behavior

Account : boxpackaging  <--- Please ban or Lock that Account and delete the Thread
Registered since August 04, 2020 , Hacked or sold Account !

Fake Ann Thread:  [ANN] [KASPAR] Kasparov - experimental fork Kaspa with new algo (POW+CPU mining)

Wallets
Code:
Windows GUI: https://github.com/tehasholdem/Kasparov/releases/download/0.9.0/kasparov-gui.zip
Source: https://github.com/tehasholdem/Kasparov/

This post is also a reference for the Github Report !
legendary
Activity: 3136
Merit: 3213
And we have a new Fake Ann with a new Fake Github Account with malware Link for [PHYS] PhysicalNetwork !

Github Account was created on November 10, 2023

Fake Github : github.com/toootoooo/NetworkPHYS

Same here as with the other Fake Github Files that were posted by the Hackers
Code:
Processes created

C:\Users\user\AppData\Local\Temp\qcdh5c4k.vj2\physnetwork-qt\physnetwork-qt.exe" /VERYSILENT
C:\Program Files (x86)\My Program\electrum.exe
C:\Program Files (x86)\My Program\kas.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Files Dropped
C:\Program Files\Kaspa\KDX\
C:\Program Files\Kaspa\KDX\bin\windows-x64\genkeypair.exe

ET MALWARE Observed Malicious SSL Cert
ET MALWARE Generic AsyncRAT Style SSL Cert
ET INFO External IP Lookup Domain in DNS Lookup
Suspicious DNS Query for IP Lookup Service APIs
Source : https://www.virustotal.com/gui/file/d103c368f748aeea587e47888c9a832cb1abc5d03797639af59ae58bf3e775c6/behavior

Account : rednick   <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since February 27, 2018, last post was March 09, 2021 , Hacked or sold Account

Fake Ann Thread :   [ANN] [PHYS] PhysicalNetwork - scalable and private network [GPU/ghostdag]

Wallets
Code:
Windows: https://github.com/toootoooo/NetworkPHYS/releases/download/1.0.0/physnetwork-qt.zip
Linux: https://github.com/toootoooo/NetworkPHYS/releases/download/1.0.0/phys-linux.zip

This post is also a reference for the Github Report !
legendary
Activity: 3136
Merit: 3213
And we have a new Fake Ann Thread with a Fake Github , Malware download Link for [NRP] Physical Network !

Fake Github : github.com/waynedickey/phys-network

Very bad things go on when you start the File from that Github.
Code:
Hidden Tear Ransomware
HanaLoader (Sysmon detection)
PsiXBot Malware behavior
Orcus RAT detection
DropboxAES RAT (Sysmon detection)
Change PowerShell Policies to an Insecure Level
POLICY-OTHER HTTP request by IPv4 address attempt
Source : https://www.virustotal.com/gui/file/f42ba385274e659f519fcecf8e673c527ccf7277d3b4b139989fb35202aa3007/behavior

Account : blouch  <--- Please ban or Lock that Account and delete the Thread
Hacked or sold Account

Fake Ann Thread : [ANN] [NRP] Physical Network - experimental POW mining (ghostdag)

Wallets
Code:
Windows: https://github.com/waynedickey/phys-network/releases/download/0.0.1/phys-qt-win64.zip
Linux: https://github.com/waynedickey/phys-network/releases/download/0.0.1/phys-linux.zip

This post is also a reference for the Github Report !
legendary
Activity: 3136
Merit: 3213
Thanks Lafu, I will keep posting here when I find fake ANNs spreading malware with fake github here.
I've updated it with code so someone can't click on it.
Nice, thanks for the edit; this helps for sure so that it's not accidentally clickable for other Users.
Also thanks for keeping your eyes open, and you are right on that last Fake Ann.

There is more evidence and information about that Fake Github File when you look at the behavior of the File.

And it's the same file as we got from the Fake Github github.com/troyseate/electrum-kas, just another Github Account.
Code:
C:\Program Files (x86)\My Program\MyProg.exe
C:\Program Files (x86)\My Program\electrumkas.exe
C:\Program Files (x86)\My Program\electrumkas.exe.config
C:\Program Files (x86)\My Program\electrumkas.exe\:Zone.Identifier
Source  : https://www.virustotal.com/gui/file/90865b85c96429951ec2d1014398dfaf336e5be6cfd6d6fcbb13827184e1a4f8/behavior

What's interesting on that File is this here:
Code:
fullnode-win64/fullnode-win64-qt.exe
256 - C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="KDX kaspa-miner" program="C:\Program Files\Kaspa\KDX\bin\windows-x64\gpuminer.exe" dir=out action=allow enable=yes
It modifies your Firewall when you start the Wallet.exe and a lot of other bad things.
sr. member
Activity: 294
Merit: 433
HODL - BTC
A fake ANN that spreads malware from github, and accounts that just woke up from 5 years of sleep.

User: ranastic Please ban or Lock that Account - This user recently woke up from a long period of inactivity.
ANN Fake: [ANN] BURNSTAR - New GEM for GPU mining (GPU PoW/ghostDAG/blockDAG)
Code:
[b]OUR WALLETS[/b]
Windows: https://github.com/tpillatzke/burnstar/releases/download/1.0.0/fullnode-win64.zip
Linux: https://github.com/tpillatzke/burnstar/releases/download/1.0.0/burnstar-linux.zip
Source: https://github.com/tpillatzke/burnstar

Virustotal: https://www.virustotal.com/gui/file/90865b85c96429951ec2d1014398dfaf336e5be6cfd6d6fcbb13827184e1a4f8/detection

I really appreciate that you keep your eyes open and post these things here in the thread to collect as much data as possible on the Fake Github Accounts.
But again, is it possible, when you write your posts, that you use the code function (as I have done in your quote) for the Links so that nobody can click on them? That would be nice.
Thanks Lafu, I will keep posting here when I find fake ANNs spreading malware with fake github here.
I've updated it with code so someone can't click on it.
legendary
Activity: 3136
Merit: 3213
I reported a fake ANN with the same case above, and now the old account is alive again to spread malware through github.

Github fake
GITHUB
Code:
WINDOWS: https://github.com/troyseate/purn-network/releases/download/1.0.0/purn-qt-win64.zip
LINUX:  https://github.com/troyseate/purn-network/releases/download/1.0.0/purn-qt-linux.zip
SOURCE: https://github.com/troyseate/purn-network
Yes there was a few of them the last days but they got already all deleted.
I really appreciate that you keep your eyes open and post these things here in the thread to collect as much data as possible on the Fake Github Accounts.
But again, is it possible, when you write your posts, that you use the code function (as I have done in your quote) for the Links so that nobody can click on them? That would be nice.
sr. member
Activity: 294
Merit: 433
HODL - BTC
I reported a fake ANN with the same case above, and now the old account is alive again to spread malware through github.

User: Toto2020 Please ban or Lock that Account
ANN Fake: [ANN] PURN-NETWORK - Kaspa fork with new features (GPU PoW/ghostDAG)

Virustotal: https://www.virustotal.com/gui/file/281768a452b533759c21c0dc80b81cf0d49de1be645368fbdda8c66dcb7120d3/detection

Github fake
Code:
WINDOWS: https://github.com/troyseate/purn-network/releases/download/1.0.0/purn-qt-win64.zip
LINUX:  https://github.com/troyseate/purn-network/releases/download/1.0.0/purn-qt-linux.zip
SOURCE: https://github.com/troyseate/purn-network
legendary
Activity: 3136
Merit: 3213
And we have again a new Fake Ann Thread with the Fake Github Link with Malware for PURN !

Fake Github : github.com/troyseate/purn-network

This Fake Github Account already has other Links in it too.
Code:
github.com/troyseate/purn-network
github.com/troyseate/electrum-kas
github.com/troyseate/pyrinwallet
github.com/troyseate/electrum
github.com/troyseate/awesome-nodejs

Windows already gives you a Warning for Virus and Trojan when you try to download the File from the Fake Github.

Account : Digitminer  <--- Please ban or Lock that Account and delete the Thread
Registered since   July 15, 2017 , Hacked or sold Account

WINDOWS:
Code:
https://github.com/troyseate/purn-network/releases/download/1.0.0/windows.zip

This post is also a reference for the Github Report !
legendary
Activity: 3136
Merit: 3213
We have a new Fake Ann Thread with a new Fake Github Account with Malware and Trojan download Link for KASTLS (kaspa tools project) !

The Fake Github download File was created 2 Days ago.

Fake Github : github.com/troyseate/electrum-kas

Many shady and bad things happen when you start the Wallet File:
Code:
MALWARE TROJAN EVADER RAT

Detects Schtask creations that point to a suspicious folder or an environment variable often used by malware
Detects DNS queries for IP lookup services such as "api.ipify.org" originating from a non browser process.
Detects the addition of a new rule to the Windows firewall via netsh
Detects scheduled task creations or modification to be run with high privileges on a suspicious schedule type
Detects the creation of scheduled tasks in user session
Detects the load of RstrtMgr DLL (Restart Manager) by an uncommon process. This library has been used during ransomware campaigns to kill processes
Detects loading of Amsi.dll by uncommon processes
Detects a WMI modules being loaded by an uncommon process

C:\Program Files\Kaspa\KDX\bin\windows-x64\genkeypair.exe
C:\Program Files\Kaspa\KDX\bin\windows-x64\gpuminer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\RestartManager

C:\Windows\SysWOW64\schtasks.exe "schtasks" /create /tn "Discord startup" /sc ONLOGON /tr "C:\Users\user\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Also your Discord App will be compromised with it on the startup.

Source : https://www.virustotal.com/gui/file/4dcae6a5ede0c0059bf0cdce636b144c40faa65c4539f91d456cc8df333509ff/behavior

Account :  fanepatent2  <--- Please ban or Lock that Account and delete the Thread and Posts
Registered since November 23, 2017 , possibly hacked or sold Account

Fake Ann Thread :  [ANN] KASTLS - kaspa tools project (For using)

Hello community!
Code:
https://github.com/troyseate/electrum-kas/tree/main

Fake Posts :
https://bitcointalksearch.org/topic/ann-pyrin-pyi-gpu-pow-ghostdag-blockdag-5476198
https://bitcointalksearch.org/topic/ann-karlsen-kls-gpu-pow-a-fork-of-kaspa-with-kheavyhash-asic-resistance-5475216
https://bitcointalksearch.org/topic/ann-kaspa-kas-cpu-pow-ghostdag-5373286

This post is also a reference for the Github Report !
sr. member
Activity: 294
Merit: 433
HODL - BTC
I found a suspicious thread that did not share a link within GitHub but rather with a free website from GoDaddy, and there it appeared to be spreading a virus downloaded via mega.nz

User: FunkySkunk
ANN Fake: Release: New Altcoin - A even Lite version of Litecoin Called Obsidian (OBS)

Virustotal: https://www.virustotal.com/gui/file/8f836b7a9ecfcc716ee78bef17494d4789134646b695df05b656714a98b57ea1/detection

I found Obsidian project's old ANN : Obsidian ODN - CryptoCurrency & Secure Anonymous Messaging
legendary
Activity: 3136
Merit: 3213
We have a new Fake Ann Thread with a new Fake Github Malware download Link for MentaCoin (MNLC) !

The Fake Github Account was just created 1 Hour ago.

Fake Github : github.com/MNLCoinNetwork/MentaCore
Real Github : github.com/MentaCoin

Lots of bad things happen when you download and start the Files from the Fake Github.
Code:
Drops script at startup location
Detects Schtask creations that point to a suspicious folder or an environment variable often used by malware
Detects the execution of a renamed AutoIt2.exe or AutoIt3.exe. AutoIt is a scripting language and automation tool for Windows systems.
Attackers can leverage AutoIt to create and distribute malware, including keyloggers, spyware, and botnets
This detection method points out highly relevant Antivirus events
A Network Trojan was detected
Device Retrieving External IP Address Detected

C:\Users\user\AppData\Local\Oliver Robinson\SocialPulse Monitor.pif
C:\Users\user\AppData\Local\Temp\8819\5865\jsc.exe
C:\Users\user\AppData\Local\Temp\flofy.exe
C:\Users\user\AppData\Local\Temp\noply.exe
C:\Windows\SysWOW64\cmd.exe cmd /c copy /b Legal + Rebel + Desktops + Sleeve + Romania 5865\Peeing.pif
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 2176
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\user\AppData\Local\Temp\QY7M5JAACrWc.bat"
Source : https://www.virustotal.com/gui/file/0a483d211b2e8cefa76989095cb7965eae7a13d67626a96497dc213b0fae4a80/behavior

Account : Taoktoyre  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since October 02, 2021 , Hacked or sold Account

Fake Ann Thread :  [ANN] MentaCoin (MNLC) - Unleashing the Power of Minting for Mental Health

Code:
https://github.com/MNLCoinNetwork/MentaCore/

This post is also a reference for the Github Report !
sr. member
Activity: 294
Merit: 433
HODL - BTC
legendary
Activity: 3136
Merit: 3213
And we have a new Fake Ann Thread again with a new Fake Github Malware download Link for MNSC !

The Fake Github was just created 4 Hours ago.

Fake Github : github.com/voknelez/MNSCoin
Real Github : github.com/NewMNSavings/NewMNSCoin/

Same here for the Fake Github files:
Code:
Detects the usage of binaries such as 'net', 'sc' or 'powershell' in order to stop, pause or delete critical or important Windows services such as AV, Backup, etc. As seen being used in some ransomware scripts
Detects DNS queries for IP lookup services such as "api.ipify.org" originating from a non browser process.
Detects the stopping of a Windows service

C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Virustotal : https://www.virustotal.com/gui/file/9b3d70ad7020b97311fcbe6d69a6181acc09d83e886f0f08f1eff35d0cb8b076/behavior

Account : salmanb  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since December 06, 2018 , Hacked or sold Account

Fake Ann Thread :  [ANN] Concept blockchain technology for QUARK (Pow, Quark)

Wallets
Code:
Windows: https://github.com/voknelez/MNSCoin/releases/download/1.0.0/MNSC-Win.zip

Original Ann Thread :  New Masternode Savings Coin (nMNSC)

Account : Kryptoyaner
New Fake Ann Thread again for NikiChain

Same Fake Github Account as for MNSC

Fake Github : github.com/voknelez/MNSCoin
Fake Github : github.com/voknelez/nikichain

Account : kuzgun51  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Hacked or sold Account

Fake Ann Thread : [ANN] NikiChain - blockchain with crypto bridges (CPU, Mine and Exchange now)

Quote
NikiChain Wallet:
Code:
Windows : https://github.com/voknelez/nikichain/releases/download/2.0.2.3/windows-nikichain-2.0.2.3.zip
Quote from https://bitcointalksearch.org/topic/--5474315

This post is also a reference for the Github Report !
legendary
Activity: 3136
Merit: 3213
And we have a new Fake Ann Thread with a new Fake Github Malware download Link for CommunityCoin !

The Fake Github was created 16 Hours ago.

Fake Github : github.com/CommunityCash
Real Github : github.com/CommunityCoin

Virustotal with 6 detections : https://www.virustotal.com/gui/file/21767196a889ef21fba60611b753272154634011499000685d53534da33a247a/behavior

Code:
Detects suspicious new RUN key element pointing to an executable in a suspicious folder
Detects modification of autostart extensibility point (ASEP) in registry.

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
The Fake Github was not long ago updated with new Files that now have Malware and Trojan in it.
Code:
Generic.Malware.AI.DDS
Generic ML PUA (PUA)
Malware.SwollenFile!1.E38A (CLASSIC)
Trojan.Barys

Account : Xabikonjes  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since October 02, 2021 , Hacked or sold Account

Fake Ann Thread :  [ANN] CommunityCoin: Empowering the Community with CMNT
The Thread is self-moderated

Code:
https://github.com/CommunityCash/CommunityCoin

This post is also a reference for the Github Report !
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
This one is trying to sell cryptowallet drainers, which are also classified as malware. The scripts are created to drain off crypto from a person's address once they try to connect their wallet to the website

mercy_rain <--- Nuked
Nice seeing that the mods did a quick job. The user was banned, however he is back with a new account, spreading malware and evading a ban at the same time.

New account: mercy___rain <--- Please ban or Nuke

ANN: WTS (Selling Drainers) Archive: https://ninjastic.space/topic/5474135
I have also reported his Fake GitHub account. I hope GitHub does what is required.
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
This one is trying to sell cryptowallet drainers, which are also classified as malware. The scripts are created to drain off crypto from a person's address once they try to connect their wallet to the website

mercy_rain <--- Please ban or Nuke

Thread: WTS (Selling Drainers) Archive - https://ninjastic.space/topic/5474076

Fake GitHub link: github.com/ggrner (only 2 weeks old)

Drainer links
Code:
https://github.com/ggrner/golden-drainer 
https://github.com/ggrner/stepn-solana-drainer
https://github.com/ggrner/spaceX_v3_drainer_2023

He even confessed that GitHub keeps deleting his repositories
Github too often deletes repositories and I need create new acc
copper member
Activity: 588
Merit: 926
I think this is a malware thread, as many threads with this coin have already been deleted and users who posted a similar thread have been banned. I don't know if I'm right or not, please check.

ViktorStrange

Thread

[ANN] NikiChain - blockchain with crypto bridges (CPU mining, Ghostrider)

Malware link

Code:
https://github.com/teubub411/NikiBlockchain/releases/download/2.0.2.3/windows-nikichain-2.0.2.3.zip
legendary
Activity: 3136
Merit: 3213
And again a new Fake Ann Thread with a new Fake Github Malware download Link for BRANDS again !

Fake Github was created 4 Hours ago.

Fake Github : github.com/vandia1/CryptoBrands

The downloaded and installed files from there have this here:
Code:
Registry keys set
HKEY_CURRENT_USER\Software\Evrmore
HKEY_CURRENT_USER\Software\Evrmore\Evrmore-Qt
HKEY_CURRENT_USER\Software\Microsoft\RestartManager

C:\ProgramData\ThunderboltDriver\tbdriver.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe
C:\Windows\SysWOW64\schtasks.exe "schtasks" /create /tn ThunderboltDriver /tr C:\ProgramData\ThunderboltDriver\tbdriver.exe /sc onlogon /it /f /rl HIGHEST
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source : https://www.virustotal.com/gui/file/5a4ea5abd5f2150b2cc346cf7564454cb6d4bfdda2876324f88e267eb8242d90/behavior

Account : BukanAdit  <--- Please ban or Lock that Account and delete the Thread
Registered since May 19, 2020 , Hacked or sold Account

Fake Ann Thread :  [ANN] Decentralized tech mining system/GPU mining/Airdrop

WALLET
Windows:
Code:
https://github.com/vandia1/CryptoBrands/releases/download/1.0.0/brands-win64.zip

This post is also a reference for the Github Report !
sr. member
Activity: 490
Merit: 279
Another post on the Indian local board with a suspicious link. Please check it and delete the post. I have already reported it to the global mods but I think there should be a local mod to remove such links. I do not understand why a big board like India does not have a local mod to date. There are a few sub-boards that need to be restructured and a lot of pin messages need to be removed. At the moment it is not done as global mods are busy and won't work on such issues.

The link to the post: https://bitcointalksearch.org/topic/--5474041
legendary
Activity: 3136
Merit: 3213
And again there is a new Fake Ann Thread with a Fake Github Malware download link for BRANDS !

Fake Github : github.com/veramuraga/BlockchainBrands

The Fake Github was just created 1 Hour ago.

The downloaded and installed files from there have this here:
Code:
Registry keys set
HKEY_CURRENT_USER\Software\Evrmore
HKEY_CURRENT_USER\Software\Evrmore\Evrmore-Qt
HKEY_CURRENT_USER\Software\Microsoft\RestartManager

C:\ProgramData\ThunderboltDriver\tbdriver.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe
C:\Windows\SysWOW64\schtasks.exe "schtasks" /create /tn ThunderboltDriver /tr C:\ProgramData\ThunderboltDriver\tbdriver.exe /sc onlogon /it /f /rl HIGHEST
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source : https://www.virustotal.com/gui/file/5a4ea5abd5f2150b2cc346cf7564454cb6d4bfdda2876324f88e267eb8242d90/behavior

Account : Darkvi  <--- Please ban or Lock that Account and delete the Thread
Registered since January 20, 2019 , Hacked or sold Account

Fake Ann Thread :  [Pre-ANN] BRANDS - new trading tech [ProgPow/New eco area]

WALLETS
Code:
Github: https://github.com/veramuraga/BlockchainBrands/releases/tag/1.0.0

This post is also a reference for the Github Report !
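The sandbox process lines quoted in several reports above (the netsh firewall rule from the Kasparov post, the schtasks persistence entries from the KASTLS and BRANDS posts, and the InstallUtil.exe launches) can be turned into a small triage check for anyone reviewing a VirusTotal behavior report. This is an added example, not code from any post in this thread; it runs over constructed sample lines copied from the output quoted above, and the rule names are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed samples, copied from the sandbox output quoted in this thread.
SAMPLE_LINES = [
    r'C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="KDX genkeypair" program="C:\Program Files\Kaspa\KDX\bin\windows-x64\genkeypair.exe" dir=out action=allow enable=yes',
    r'C:\Windows\SysWOW64\schtasks.exe "schtasks" /create /tn "Discord startup" /sc ONLOGON /tr "C:\Users\user\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f',
    r'C:\Windows\SysWOW64\schtasks.exe "schtasks" /create /tn ThunderboltDriver /tr C:\ProgramData\ThunderboltDriver\tbdriver.exe /sc onlogon /it /f /rl HIGHEST',
    r'C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe',
    r'C:\Windows\system32\conhost.exe 0xffffffff -ForceV1',  # benign noise
]

# User-writable folders where a legitimate wallet would not persist itself.
SUSPICIOUS_DIRS = ("\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Finding:
    rule: str    # hypothetical rule name
    detail: str  # what in the command line triggered it


def _arg(cmd, flag):
    """Value following a schtasks-style flag, whether quoted or bare."""
    m = re.search(r'(?i)' + re.escape(flag) + r'\s+(?:"([^"]+)"|(\S+))', cmd)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def analyze(cmd):
    """Return the findings for one process command line."""
    findings = []
    low = cmd.lower()
    # 1. netsh advfirewall add rule: the dropped binary opens its own firewall hole.
    if "advfirewall" in low and "add rule" in low:
        m = re.search(r'(?i)program="([^"]+)"|program=(\S+)', cmd)
        prog = (m.group(1) or m.group(2)) if m else "?"
        findings.append(Finding("firewall_rule_added", prog))
    # 2. schtasks /create: logon persistence with highest privileges from a user folder.
    if "schtasks" in low and "/create" in low:
        tr = _arg(cmd, "/tr") or ""
        rl = (_arg(cmd, "/rl") or "").upper()
        sc = (_arg(cmd, "/sc") or "").upper()
        reasons = []
        if rl == "HIGHEST":
            reasons.append("runs with highest privileges")
        if sc == "ONLOGON":
            reasons.append("persists at every logon")
        if any(d in tr.lower() for d in SUSPICIOUS_DIRS):
            reasons.append("target in user-writable folder")
        if reasons:
            findings.append(Finding("scheduled_task_persistence", tr + ": " + "; ".join(reasons)))
    # 3. InstallUtil.exe: signed .NET utility that runs installer code from any assembly,
    #    so a wallet installer has no business launching it.
    if "\\installutil.exe" in low:
        findings.append(Finding("installutil_execution", cmd.strip()))
    return findings


def scan(lines):
    """All (line index, finding) pairs for a list of process command lines."""
    return [(i, f) for i, line in enumerate(lines) for f in analyze(line)]


if __name__ == "__main__":
    for i, f in scan(SAMPLE_LINES):
        print(f"line {i}: {f.rule} -> {f.detail}")
```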